Unlock document.
This document is partially blurred.
Unlock all pages and 1 million more documents.
Get Access
In this book, when internet is spelled with a capital I, it means the global Internet.
Answer:
Backed-up data must be physically stored on something.
Answer:
You have access to your home page on a server. By accident, you discover that if you
hit a certain key, you can get into someone else's files. You spend just a few minutes
looking around. This is hacking.
Answer:
In a P2P attack, there is a change in the overall volume of traffic but the traffic pattern
is the same.
Answer:
Rogue access points are unauthorized access points set up by individuals or
departments.
Answer:
Authentication is the process of collecting information about the activities of each
individual in log files for immediate and later analysis.
Answer:
Many firms prioritize patches because the cost of installing all patches it too high.
Answer:
Biometric authentication is the strongest form of authentication.
Answer:
Centralized firewall management systems automatically create ACLs from policies.
Answer:
Ingress ACL rules typically permit a specific type of internally originated connection to
outside resources.
Answer:
Hotlines for reporting improper behavior are required by law to be non-anonymous.
Answer:
Signing a message digest means encrypting it with the sender's public key.
Answer:
In ingress and egress filtering, an SPI firewall always considers its ACL rules when a
new packet arrives that does not attempt to open a connection.
Answer:
18 U.S.C. 1030 prohibits hacking.
Answer:
If a defendant has already been prosecuted in a criminal trial, he or she cannot later be
tried in a civil trial.
Answer:
When companies studied where they stored private information, they found that much
of this information was stored inside spreadsheets and word processing documents.
Answer:
When a computer attempts to connect to a network, NAC queries the PC for
information present in the Windows Security Center to determine if all updates are
current and AV is working.
Answer:
Bandwidth limitation for certain types of traffic is less risky than dropping packets.
Answer:
Most countermeasure controls are preventative controls.
Answer:
Companies create codes of ethics in order to make ethical decision making more
predictable.
Answer:
When a company visits a website to collect public information about a competitor, this
is a form of trade secret espionage.
Answer:
In relational database, a row is the same as a tuple or record.
Answer:
Users should select very long and complex passwords and use the same password at all
sites for auditability.
Answer:
Typically, having enough shadow backup space for a few days is sufficient.
Answer:
IPsec a general protection strategy for all internet, transport, and application protocols.
Answer:
RTS frames tell other wireless clients that you want to transmit for a given amount of
time.
Answer:
Hashing is a reversible process.
Answer:
ARP is used to resolve 32-bit IP addresses into 48-bit local MAC addresses.
Answer:
There usually are two protocols for each application.
Answer:
When performing trend analysis, increasing granularity in queries is desirable.
Answer:
Different UNIX versions have different security methods.
Answer:
Spread spectrum transmission in wireless LANs provides security.
Answer:
A(n) ________ is a security weakness that makes a program vulnerable to attack.
A) attack vector
B) exploit
C) vulnerability
D) All of the above
Answer:
An attacker controlling bots in a coordinated attack against a victim is known as a
________.
A) DoS attack
B) DDoS attack
C) ICMP
D) None of the above.
Answer:
The normal standard for deciding a case in ________ trials is a preponderance of the
evidence.
A) civil
B) criminal
C) Both A and B
D) Neither A nor B
Answer:
Databases are ________.
A) integrated collections of data
B) integrated collections of metadata
C) Neither A nor B
D) Both A and B
Answer:
A DoS attack that uses TCP flags is called a ________ attack.
A) half-open
B) half-close
C) Both A and B
D) Neither A nor B
Answer:
It is acceptable for an employee to reveal ________.
A) confidential information
B) private information
C) trade secrets
D) None of the above
Answer:
________ are monetary gifts to induce an employee to favor a supplier or other party.
A) Bribes
B) Kickbacks
C) Both A and B
D) Neither A nor B
Answer:
Which of the following is one of the four steps in business process analysis?
A) Specifying resource needs
B) Prioritizing business processes
C) Both A and B
D) Neither A nor B
Answer:
A ________ is likely to have the same address each time it goes on the Internet.
A) client
B) server
C) Both A and B
D) Neither A nor B
Answer:
The owner can delegate ________ to the trustee.
A) the work of implementation of a resource or control
B) accountability for a resource or control
C) Both A and B
D) Neither A nor B
Answer:
An attacker types more data in a field than the programmer expected. This is a(n)
________ attack.
A) denial-of-service
B) directory traversal
C) buffer overflow
D) XSS
Answer:
In VoIP, encryption may ________.
A) reduce throughput
B) increase jitter
C) increase latency
D) make traffic unreadable
Answer:
RTP is used in ________.
A) signaling
B) transport
C) Both A and B
D) Neither A nor B
Answer:
Placing security within IT ________.
A) creates independence
B) is likely to give security stronger backing from the IT department
C) Both A and B
D) Neither A nor B
Answer:
In a man-in-the-middle attack, ________.
A) an evil twin must have a stronger signal than the legitimate AP
B) an evil twin sends own attacks, impersonating the victim
C) Both A and B
D) Neither A nor B
Answer:
The prosecutor must demonstrate ________ at the time of the action at the center of a
criminal trial.
A) reasonable doubt
B) mens rea
C) Both A and B
D) Neither A nor B
Answer:
The ________ authentication problem is that unless individuals are carefully vetted
before being allowed in a system, imposters can simply enroll through social
engineering.
A) core
B) prime
C) final
D) human
Answer:
What was the first core wireless security standard?
A) 802.11i
B) WPA
C) WEP
D) None of the above
Answer:
Countries would engage in cyberwar ________.
A) before a physical attack
B) after a physical attack
C) Both A and B
D) Neither A nor B
Answer:
Which of the following database events should be regularly audited?
A) Warnings and exceptions
B) Special access and logins
C) Changes
D) All of the above
Answer:
________ thwart replay attacks by ensuring "freshness" using cutoff values.
A) Time stamps
B) Sequence numbers
C) Nonces
D) All of the above.
Answer:
802.11i works in ________ mode.
A) pre-shared key
B) enterprise
C) Both A and B
D) Neither A nor B
Answer:
________ is necessary to protect the host against attacks.
A) Host hardening
B) Host bulwarking
C) Host shielding
D) None of the above
Answer:
________ is called Port-Based Access Control.
A) 802.11i
B) 802.1X
C) Both A and B
D) Neither A nor B
Answer:
The first step in developing an IT security plan is to ________.
A) determine needs
B) assess the current state of the company's security
C) create comprehensive security
D) prioritize security projects
Answer:
In SSL/TLS, a ________ is a specific set of security methods and options.
A) cryptographic system standard
B) cipher suite
C) chosen set
D) tuple
Answer:
________ are mandatory.
A) Standards
B) Guidelines
C) Both A and B
D) Neither A nor B
Answer:
Listing your friend's home in the local classifieds at a low price is equivalent to a
________.
A) P2P redirect
B) P2P port
C) DDoS
D) None of the above
Answer:
In codes, code symbols may represent ________.
A) complete words
B) complete phrases
C) individual letters
D) All of the above
Answer:
In public key encryption, "signing" is the act of ________.
A) adding the password to the challenge message and hashing the two
B) hashing the plain text message
C) encrypting the message digest with its own private key
D) encrypting the message digest with its own public key
Answer:
WEP stands for ________.
A) wireless equivalent privacy
B) wireless equivalent policy
C) wired equivalent privacy
D) wired equivalent policy
Answer:
